Description
WordPress Plugin WooCommerce is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently verify user-supplied input. This may allow an attacker to gain access to sensitive information, which may aid in launching further attacks. WordPress Plugin WooCommerce version 3.4.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 3.4.6 or latest
References
https://www.ripstech.com/php-security-calendar-2018/#day-10
https://raw.githubusercontent.com/woocommerce/woocommerce/master/CHANGELOG.txt
Related Vulnerabilities
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26271)
WordPress Plugin YITH WooCommerce Points and Rewards Security Bypass (1.3.4)
Magento Improper Input Validation Vulnerability (CVE-2015-6497)
WordPress Plugin Related Posts for WordPress Cross-Site Scripting (2.0.3)
WordPress Plugin WP Airbnb Review Slider SQL Injection (3.2)